Feds Preach Cybersecurity to Carmakers

New U.S. guidelines would defend connected cars, which today are sitting ducks

2 min read
cybersecurity for cars

The U.S. traffic safety agency has firmly nudged carmakers into tightening their standards for cybersecurity. And if the nudge fails, then enforceable rules will surely follow.

For now, though, the National Highway Transportation Safety Administration is calling its list of best practices mere guidelines. NHTSA published them last Monday, exactly three months after two researchers showed what’s at stake by remotely commandeering a Jeep Cherokee driving on a highway. The researchers described their cyberattack at a conference held in August. And they talked about other vulnerabilities last week

The main theme of the guidelines is that auto companies should make cybersecurity a priority. That would mean sharing information with rivals, for instance by logging and relaying the details of an attack through “seamless and direct communication channels,” so that other companies can devise countermeasures.

It’s not easy to force such close cooperation: Technology is now the most competitive aspect of the auto business.

NHTSA also wants companies to give outside developers less access to engine control units (ECUs). If a developer needs such access to debug a system, then the developer should have an interface that allows tinkering only with the relevant system.

As cars begin to connect, first with the infrastructure and then with each other, the risk increases that any attack will snowball. NHTSA wants all communications with the outside world—like the GPS navigation system—to run along channels that bypass ECUs.

One may wonder, though, exactly what scenario keeps NHTSA cybersecurity experts up at night. Today, if bad guys want to attack a car from a distance, they can (and do) use remotely controlled IEDs. So maybe the real threat is not to our bodies but to our digital secrets: A connected car may lead criminals to our bank accounts. And, as Willie Sutton said, that’s where the money is.

The Conversation (0)

How Software Is Eating the Car

The trend toward self-driving and electric vehicles will add hundreds of millions of lines of code to cars. Can the auto industry cope?

14 min read
ZF Friedrichshafen AG

Predictions of lost global vehicle production caused by the ongoing semiconductor shortage continue to rise. In January, analysts forecast that 1.5 million fewer vehicles would be produced as a result of the shortage; by April that number had steadily climbed to more than 2.7 million units, and by May, to more than 4.1 million units.

The semiconductor shortage has underscored not only the fragility of the automotive supply chain, but placed an intense spotlight on the auto industry’s reliance on the dozens of concealed computers embedded throughout vehicles today.

Keep Reading ↓ Show less